Lazarus Group concealed a four-module remote access toolkit inside six fake npm Rollup polyfill packages that fired at import ...
Malicious npm packages mimicking Rollup polyfill tooling steal browser data, crypto wallets, and AI tool credentials in a Lazarus-linked campaign.
JFrog says six malicious npm packages used hidden install-time execution, JSONKeeper fetches, and sandbox checks to enable remote access.
TL;DR The Shai-Hulud Miasma campaign has a fresh series of malicious packages following the compromise of the czirker ...
Connect all your configuration files and autogenerate code—Jsonnet is the missing piece for large code bases.
June 19, 2026 update: Microsoft assesses with high confidence that this activity is attributable to Sapphire Sleet, a North Korean state actor that primarily targets the financial sector. The ...
A new "coordinated" supply chain attack campaign has impacted eight packages on Packagist including malicious code designed to run a Linux binary retrieved from a GitHub Releases URL. "Although the ...
Any development environment that installed or imported one of the 172 compromised npm or PyPI packages published since May 11 should be treated as potentially compromised. On affected developer ...
On March 31, 2026, two new npm packages for updated versions of Axios, a popular HTTP client for JavaScript that simplifies making HTTP requests to a REST endpoint with over 70 million weekly ...
Finland’s recent racist scandal involving public figures has exposed deep structural racism that challenges its global reputation for fairness and inclusion. The incident sparked significant backlash ...
Yemen’s economy suffers from heavy reliance on imports and political instability that undermine development efforts led by the Southern Transitional Council and the internationally recognized ...